1. Introduction

SKG Services Europe Aps, Jægersborg Alle 4, 4^th floor, 2920 Charlottenlund, Denmark (“SKG Services Europe”, “we”, “us” or “our”) is committed to protecting the confidentiality, integrity, and availability of information about our customers, suppliers and collaborators, including personal data. We are strongly committed to protecting personal data and continuously strive to ensure ongoing compliance with data protection law, including the General Data Protection Regulation.

When performing our services, engagements, consulting, and advisory services, we generally consider ourselves as data controller.

When processing personal data in connection with our provision of certain consultancy and advisory services, we are in some cases processing data on behalf of our customer and in accordance with the customer’s instructions. This is primarily when SKG Services Europe is working in the customers production environment on the customer’s request. In these cases, SKG Services Europe is the data processor. Consequently, we enter into a written data processing agreement with our customer, setting out instructions and terms and conditions for SKG Services Europe’s processing of personal data.

This privacy statement provides information about SKG Services Europe’s processing of personal data when SKG Services Europe is acting as a data controller. Read more about this below.

2. Processing activities

To learn more about the specific categories of data that SKG Services Europe is processing, and the purposes and legal basis of the processing, please see the relevant sections below.

2.1 Customer engagement

Purpose
The purpose is to manage the engagements with our customers (including create customer and job accounts, provide consultancy services, invoice, and carry out quality assurance and control), administer, manage, and develop our business and services, operate and maintain our IT systems.

Data subject
The customer, its employees and contacts, if any.

Categories of personal data
SKG Services Europe processes non-sensitive personal data, including names, addresses, telephone numbers and e-mail addresses of our customers and names, job titles, telephone numbers and e-mail addresses of the customers’ contacts.

Legal basis for processing
The processing of personal data is necessary in order for us to perform the agreement with the customer or implement measures at the customer’s request prior to the conclusion of the agreement, see Article 6(1)(b) of the General Data Protection Regulation.

Furthermore, processing is necessary in order for us to pursue our legitimate interest in managing the customer cooperation, administering, managing and developing our business and services, e.g. identifying customer needs and improvements in service delivery, operating and maintaining IT systems made available to or used as part of our servicing of the customer, as well as hosting, administering and managing our website, systems and applications. see Article 6(1)(f) of the said Regulation.

Source
The customer and contacts, if any. SKG Services Europe may search for relevant information published on the Internet, for example LinkedIn, Facebook and similar social media.

Period of retention
SKG Services Europe retains personal data for five years, counted from the end of the calendar year of the last job/engagement, unless special circumstances require shorter or longer periods of storage.

Contacts are deleted as soon as possible after SKG Services Europe becomes aware that such contacts are no longer employed with the customer.

Recipients
SKG Services Europe discloses personal data to professional advisers, including accountants and public authorities, in the event that SKG Services Europe is required to do so. Besides this, SKG Services Europe does not disclose information to third parties, but we engage data processors, including IT suppliers, to whom we make personal data available. SKG Services Europe enters into data processing agreements with all data processors to ensure appropriate security.

2.2 Supplier and business partner administration

Purpose
The purpose is to carry out contract management, receive goods and services from our suppliers and business partners and, where relevant, to provide professional services to our customers.

Data subject
The supplier or business partner, including any contacts employed with them.

Categories of personal data
SKG Services Europe processes non-sensitive personal data, including names, addresses, e-mail addresses and phone numbers, as well as any bank account information on suppliers and business partners.

In addition, SKG Services Europe processes names, job titles, e-mail addresses and telephone numbers of any contacts employed with suppliers and business partners.

Legal basis for processing
The processing of personal data is necessary in order for us to perform the agreement with the supplier and the business partner, see Article 6(1)(b) of the General Data Protection Regulation. 

The processing of personal data relating to the contacts of a supplier and its business partners is necessary to enable us to pursue our legitimate interest in administering and performing the agreement with the business partner, see Article 6(1)(f) of the General Data Protection Regulation.

Source
The supplier, business partner or their contacts. SKG Services Europe may search for relevant information published on the Internet, for example LinkedIn, Facebook and similar social media.

Period of retention
SKG Services Europe retains personal data for five years, counting from termination of the supplier relationship or business partnering, unless special circumstances require shorter or longer periods of storage.

2.3 Recruitment

Purpose
The purpose is to be able to recruit, including to process and assess candidates in relation to current or future positions with SKG Services Europe.

Data subject
The candidate and any references specified by the candidate

Categories of personal data
SKG Services Europe processes non-sensitive personal data forwarded by candidates, including names, addresses, telephone numbers and e-mail addresses, data in applications, curriculum vitae, references, exam papers, photos and other supporting documents.

If a candidate is invited to an interview, SKG Services Europe collects and processes personal data in connection with references.

We do not need to process the candidate’s CPR number (in Denmark) or personal identification number and therefore request that such information not be sent to SKG Services Europe. In exceptional cases, we may process sensitive personal data received from the candidate, if these are relevant to the candidate’s position with SKG Services Europe.

Legal basis for processing
The processing of personal data is necessary for us to pursue our legitimate interest in processing and assessing the candidate, filling the position with an appropriate candidate and storing the personal data for subsequent recruitment processes, see Article 6(1)(f) of the General Data Protection Regulation.

SKG Services Europe processes data from references on the basis of the candidate’s consent, see Article 6(1)(a) of the General Data Protection Regulation.

SKG Services Europe may also process sensitive data, including health data, on the basis of the candidate’s consent, see Article 9(2)(b) of the General Data Protection Regulation, and Section 12(1) of the Danish Act on the Processing of Personal Data.

Source
The candidate and any references.

During the selection process, SKG Services Europe may search for relevant information published on the Internet, for example LinkedIn, Facebook and similar social media.

Period of retention
If the candidate is not offered a position, we delete the information six months after the candidate has been informed that he or she was not selected, unless the candidate has consented to us storing it for a longer period of time, for example in connection with the recruitment for other or future positions, or if special circumstances warrant a longer period of storage

Recipients
SKG Services Europe does not disclose the candidate’s personal data to third parties, but in some cases, we may make them available to data processors, such as test providers, recruitment agencies, etc., which provide services to us in connection with a recruitment process. In that case, we will enter into the necessary agreements to ensure, inter alia, that personal data are processed properly and securely in accordance with the obligations set out in the GDPR.

If the candidate consents to SKG Services Europe collecting references, the declaration of consent will be forwarded to the enterprise(s) and contact person(s) provided by the candidate as references in order to serve as documentation of the candidate’s consent to SKG Services Europe obtaining reference information about the candidate.

2.4 Marketing

Purpose
The purpose is to launch marketing initiatives, including targeted communication to our relations, such as sending you newsletters, provide you with offers and send you different types of marketing material. We also use the personal data to identify you as a participant in our events and demo sessions and to log and save the events you participated in and the material you’ve received.

Data subject
The relation

Categories of personal data
SKG Services Europe processes non-sensitive personal data, including names, job positions, company names, addresses, telephone numbers and e-mail addresses.

Legal basis for processing
Processing is necessary for us to pursue our legitimate interest, including our interest in marketing our firm and our interest in targeting the material distributed by SKG Services Europe, see Article 6(1)(f) of the General Data Protection Regulation.

Processing of personal data as part of the delivery of our newsletters is based on the consent of the relation, see Article 6(1)(a) of the General Data Protection Regulation.

Source
The relation, employees of SKG Services Europe or via publicly available sources, such as the central business register (cvr.dk) or LinkedIn.

Period of retention
SKG Services Europe retains personal data for no longer than five years, counted from our most recent dialogue with the relation.

If the relation has signed up to our newsletter, SKG Services Europe will process his/her personal data until consent is revoked.

Recipients
SKG Services Europe does not disclose personal data, but we engage data processors, including IT suppliers, marketing agencies, etc., to whom we make personal data available. SKG Services Europe enters into data processing agreements with all data processors to ensure appropriate security. We do not share personal data with third parties for their marketing or advertising unless you give us or the third party explicitly permission to do so. We do not sell personal data under any circumstances.

2.5 Website Visitors

Purpose
SKG Services Europe processes personal data in order to improve or modify our website www.skg-services.eu, our services, including our widgets, services and products to you and to provide certain services, e.g., requests for demos or newsletter signup.

Data subject
Website visitors

Categories of personal data
SKG Services Europe solely processes non-sensitive personal data submitted by the data subject or the use of which the data subject has consented to, e.g. names, e-mail addresses, company names, company addresses, job titles and other identification data.

SKG Services Europe also collects information about visitor activity on www.skg-services.eu. Read more about SKG Services Europe’s use of cookies in our Cookie Policy.

Legal basis for processing
SKG Services Europe processes personal data on the basis of the visitor’s consent, e.g. registration for or delivery of a given service, see Article 6(1)(a) of the General Data Protection Regulation.

Source
Website visitors.

Period of retention
SKG Services Europe stores the personal data for two years, counted from the date on which the visitor submitted his/her personal data. As regards information collected through the use of cookies, we refer to our cookie policy.

Recipients
SKG Services Europe does not disclose personal data, but we engage data processors, including IT suppliers, marketing agencies, etc., to whom we make personal data available. SKG Services Europe enters into data processing agreements with all data processors to ensure appropriate security. We do not share personal data with third parties for their marketing or advertising unless you give us or the third party explicitly permission to do so. We do not sell personal data under any circumstances

3. Transfer to third parties

We never disclose, sell or exchange your personal information to third parties.
However, we use specific companies to help us deliver our services to you, such as sending out newsletters and running our website. These third-party companies are sub-processors, which means that they are not entitled to use the data for their own purposes. We have contracts with them, which means they cannot do anything with your personal information unless we have instructed them to do it. They must not share your data with any organization apart from us or use your data for anything else than instructed by us. They will hold your data securely and keep it for the period we tell them to.

You may see the list of third-party sub-processors by contacting us.

4. Security of Processing

Information security is the business risk given top priority at SKG Services Europe. We take the security of all the data we hold very seriously, and we adhere to internationally recognized security standards. We have security measures in place to ensure data protection of customer information, personal data and other confidential information. We regularly perform internal follow-up in relation to the appropriateness of and compliance with policies and measures.

Sub processors located outside EU/EEA
Some of these sub-processors are located outside of EU / EEA, e.g. in the US. You consent to us using data processors in unsecure third countries provided that there is a legal framework governing the transfer of your personal data and ensuring adequate protection of it, for example if the data processor is part of the EU-US Privacy Shield framework.

5. Individual Rights

As an individual, you have certain rights over your personal data, which SKG Services Europe as data controller are obligated to fulfil.

1. Your right of access
   You always have the right to ask us for copies of your personal data.
2. Your right to correction
   You can always ask us to correct information you think is inaccurate and you can also ask us to complete information you think is incomplete.
3. Your right to withdraw your consent
   Where we process personal data based on consent, individuals have a right to withdraw consent at any time. To withdraw consent to our processing of your personal data please contact us. If you no longer wish to receive e-mails with information or marketing material about SKG Services Europe, please click on the unsubscribe link in the relevant e-mail received from us. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal
4. Your right to erase
   You can also ask us to erase your personal information, except in the following situations:
   – You have an unresolved case with customer service
   – You have an open order that has not yet been completed
   – You have a financial balance with SKG Services Europe regardless of payment method
5. Your rights to restriction of processing and to object to processing
   You have the right to ask us to restrict the processing of your information in certain circumstances and the same goes for your right to object to processing.
6. Your right to data portability
   This only applies to information you have given us. You have the right to ask us to transfer the information you gave us to another organization, or to give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.

6. Changes to this privacy statement

We recognize that transparency is an ongoing responsibility so we will keep this privacy statement under regular review.

This privacy statement was last updated on October 3rd, 2022.

7. Contact information

The data controller is:

SKG Services Europe Aps

Jægersborg Alle 4, 4^th floor, 2920 Charlottenlund, Denmark.

CVR nr. 41299509

If you want to exercise your rights as described above, or if you have any questions about this privacy statement or how and why we process personal data, please contact us at:

Telephone: +45 22 88 00 00
E-mail: [email protected]  

8. Complaints

We hope that you won’t ever need to, but if you do want to complain about our use of personal data, please send an e-mail with the details of your complaint to [email protected]. We will process the complaint and respond within one month.

You also have the right to lodge a complaint with the Danish Data Protection Agency in relation to your rights and to SKG Services Europe’s processing of your personal data. For further information about how to complain to the Danish Data Protection Agency, please refer to the Danish Data Protection Agency website www.datatilsynet.dk